Functionality for IPFIREWALL_VERBOSE logging:

- State when we've reached the limit on a particular rule in the kernel logfile - State when a rule or all rules have been zero'd. This gives a log of all actions that occur w/regard to the firewall occurances, and can explain why a particular break-in attempt might not get logged due to the limit being reached. Reviewed by: alex
1996-07-09 20:49:38 +00:00 · 1996-07-09 20:49:38 +00:00 · bce2d3379e
commit bce2d3379e
parent 1e4ad9ce28
1 changed files with 7 additions and 1 deletions
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@ -12,7 +12,7 @@
 *
 * This software is provided ``AS IS'' without any warranties of any kind.
 *
- *	$Id: ip_fw.c,v 1.42 1996/06/25 00:22:20 alex Exp $
+ *	$Id: ip_fw.c,v 1.43 1996/06/29 03:33:20 alex Exp $
 */

 /*
@ -252,6 +252,8 @@ ipfw_report(char *txt, int rule, struct ip *ip, int counter)
 	if ((ip->ip_off & IP_OFFMASK)) 
 		printf(" Fragment = %d",ip->ip_off & IP_OFFMASK);
 	printf("\n");
+	if (fw_verbose_limit != 0 && counter == fw_verbose_limit)
+		printf("ipfw: limit reached on rule #%d\n", rule);
 }

 /*
@ -592,6 +594,10 @@ zero_entry(struct mbuf *m)
 		}
 	splx(s);

+	if ( frwl )
+		printf("ipfw: Entry %d cleared.\n", frwl->fw_number);
+	else
+		printf("ipfw: Accounting cleared.\n");
 	return(0);
 }